ACF 5.10 Introduces Block API v2 Support, Block Preloading, and Security Improvements
Advanced Custom Fields (ACF) has released version 5.10, the first major release since the plugin was acquired by Delicious Brains. It introduces several new features that were previously experimental, closing out tickets that were started by previous owner Elliot Condon.
The release enables HTML escaping by default, which helps prevent Cross-Site Scripting (XSS) attacks. It runs content rendered by ACF through the WordPress
wp_kses() function. There was a little confusion about how this works and the release post has been updated to clarify:
“It’s important to note that this only affects content rendered by ACF in your WordPress dashboard or any front-end forms rendered through
acf_form(),” Iain Poulson said. “This will not affect field values loaded through API functions such as
the_field(). We don’t make any assumptions about where you are using your field values within your theme and do not escape to them as a result.”
Version 5.10 also introduces support for the WordPress Blocks API v2 for ACF blocks. WordPress 5.6 came with a new Block API that makes it easier for theme and plugin developers to style the block content with more consistent results matching the front end. The ACF team has created a Block API v2 help doc with examples that help developers update their blocks and make use of the new block filters included in the update.
Other features introduced in this release include block preloading turned on by default, a new full-height setting for blocks, opacity support for the color-picker, and many bug fixes. Next up on the roadmap for the plugin is adding WordPress REST API support to ACF field groups.
“We also plan to improve the performance of the plugin and work on other quality of life features. Now that our development team has a solid handle on the codebase and the release process, we can start working on these more complicated but long-requested features.”
Shortly after the acquisition, Delicious Brains representatives published a pinned thread in the forum, clarifying expectations for free support and response times. The official support forum for both free and PRO users can be found at support.advancedcustomfields.com, which is more active than the WordPress.org forums. Since the plugin is more developer-focused, the team is taking a looser approach to support by giving the community a place to help each other:
We rarely provide support in either forum. The exception is after a major release, when we keep an eye on both forums to spot any problems caused by the release.
The primary purpose of both forums is for people in the WordPress community who are having trouble with Advanced Custom Fields to help each other. Response times can range from a few days to a few weeks and will likely be from a non-developer. We jump in now and then when the description sounds suspiciously like a bug.
The release of version 5.10 is a good sign that ACF will continue to make progress under its new ownership and a reassuring milestone for the small minority of users who were unsure about the plugin’s future.